More random python observations from a perl programmer
Chris Lawrence
quango at watervalley.net
Mon Sep 13 01:28:43 EDT 1999
On 19 Aug 1999 16:37:50 GMT, Duncan Booth <duncan at rcp.co.uk> wrote:
>tchrist at mox.perl.com (Tom Christiansen) wrote in
><37bc1339 at cs.colorado.edu>:
>>GOTCHA: (high)
>> Because you can't use readline() to get a number, people seem to enjoy
>> calling eval() just to get a string turned into a number:
>> import sys
>> str = sys.stdin.readline()
>> num = eval(str)
>> This is scary. Even scarier is the propensity for calling input(),
>> which auto-eval()s its input to make sure it's the right "type".
>> (Funny that a soi-disant "typeless language" should be so danged
>> picky about this.) That means you see people write:
>> num = input("Pick a number? ")
>> But the person can supply as an answer 0x23 or 2+9 or pow(2,4)
>> or os.system("rm -rf *"). I am stunned.
>
>People may enjoy this but personally I would just do
> num = int(sys.stdin.readline())
>BTW, I am not commenting on the comparisons with Perl since I don't claim
>to know that language, but I seem to remember hearing that Perl would
>silently convert the string "42x" into the number 42 without throwing an
>error, now there is scary.
I always use raw_input(), which always returns a string, and do sanity
testing on that. input() is inherently dangerous (IMHO it shouldn't
even be available so easily).
Chris
--
=============================================================================
| Chris Lawrence | Get the skinny at DeltaPolitics |
| <quango at watervalley.net> | http://deltapolitics.dhs.org/ |
| | |
| Grad Student, Pol. Sci. | Visit the Amiga Web Directory |
| University of Mississippi | http://www.cucug.org/amiga.html |
=============================================================================
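
Added example, not part of the original message: one way to do the "sanity testing" on a raw string described above, written for Python 3, where input() returns a string as raw_input() did. The names parse_int, ask_int and classify and the sample answers are constructed for illustration; the samples include the answers quoted in the thread, and none of them is ever evaluated.

```python
import re

# Optional sign followed by ASCII decimal digits only: no hex, operators or calls.
_DECIMAL = re.compile(r"[+-]?[0-9]+\Z")


def parse_int(text, lo=None, hi=None):
    """Validate and convert text to an int; the string is never evaluated."""
    s = text.strip()
    if not _DECIMAL.match(s):
        raise ValueError("not a decimal integer: %r" % (text,))
    n = int(s)
    if lo is not None and n < lo:
        raise ValueError("%d is below the minimum %d" % (n, lo))
    if hi is not None and n > hi:
        raise ValueError("%d is above the maximum %d" % (n, hi))
    return n


def ask_int(prompt, read_line=input, lo=None, hi=None, attempts=3):
    """Re-prompt until a valid integer is entered or attempts run out."""
    for _ in range(attempts):
        try:
            return parse_int(read_line(prompt), lo, hi)
        except ValueError as err:
            print("Rejected:", err)
    raise ValueError("no valid integer after %d attempts" % attempts)


# Constructed sample answers, including the ones quoted in the thread.
SAMPLES = ["42", " -7\n", "0x23", "2+9", "pow(2,4)",
           'os.system("rm -rf *")', "42x", ""]


def classify(samples):
    """Map each answer to its parsed value, or None if it was rejected."""
    results = {}
    for s in samples:
        try:
            results[s] = parse_int(s)
        except ValueError:
            results[s] = None
    return results


if __name__ == "__main__":
    for answer, value in classify(SAMPLES).items():
        print("%-26r -> %r" % (answer, value))
```

Only "42" and " -7\n" are accepted; every expression-style answer is rejected as text before any conversion happens.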